Author: spouliot
Date: 2005-06-14 10:14:36 -0400 (Tue, 14 Jun 2005)
New Revision: 45968
Modified:
trunk/mcs/class/corlib/System.Security.Policy/ChangeLog
trunk/mcs/class/corlib/System.Security.Policy/Evidence.cs
trunk/mcs/class/corlib/System.Security.Policy/PolicyLevel.cs
Log:
2005-06-14 Sebastien Pouliot <[EMAIL PROTECTED]>
* Evidence.cs: Avoid creating the synchronized array lists unless they
are needed.
* PolicyLevel.cs: Fixed System.Drawing public key. IsFullTrustAssembly
can now be executed without a Demand for the AssemblyName. Added the
UnionCodeGroup in the default policies. Reworked initialization to
support FullyTrustedAssemblies.
Modified: trunk/mcs/class/corlib/System.Security.Policy/ChangeLog
===================================================================
--- trunk/mcs/class/corlib/System.Security.Policy/ChangeLog 2005-06-14
14:14:23 UTC (rev 45967)
+++ trunk/mcs/class/corlib/System.Security.Policy/ChangeLog 2005-06-14
14:14:36 UTC (rev 45968)
@@ -1,3 +1,12 @@
+2005-06-14 Sebastien Pouliot <[EMAIL PROTECTED]>
+
+ * Evidence.cs: Avoid creating the synchronized array lists unless they
+ are needed.
+ * PolicyLevel.cs: Fixed System.Drawing public key. IsFullTrustAssembly
+ can now executed without a Demand for the AssemblyName. Added the
+ UnionCodeGroup in the default policies. Reworked initialization to
+ support FullyTrustedAssemblies.
+
2005-06-08 Sebastien Pouliot <[EMAIL PROTECTED]>
* PolicyLevel.cs: Added some missing initialization. More code reuse.
Modified: trunk/mcs/class/corlib/System.Security.Policy/Evidence.cs
===================================================================
--- trunk/mcs/class/corlib/System.Security.Policy/Evidence.cs 2005-06-14
14:14:23 UTC (rev 45967)
+++ trunk/mcs/class/corlib/System.Security.Policy/Evidence.cs 2005-06-14
14:14:36 UTC (rev 45968)
@@ -9,7 +9,7 @@
//
// (C) 2001 Ximian, Inc.
// Portions (C) 2003, 2004 Motus Technologies Inc. (http://www.motus.com)
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
@@ -57,22 +57,20 @@
public Evidence ()
{
- hostEvidenceList = ArrayList.Synchronized (new
ArrayList ());
- assemblyEvidenceList = ArrayList.Synchronized (new
ArrayList ());
}
- public Evidence (Evidence evidence) : this ()
+ public Evidence (Evidence evidence)
{
if (evidence != null)
Merge (evidence);
}
- public Evidence (object[] hostEvidence, object[]
assemblyEvidence) : this ()
+ public Evidence (object[] hostEvidence, object[]
assemblyEvidence)
{
if (null != hostEvidence)
- hostEvidenceList.AddRange (hostEvidence);
+ HostEvidenceList.AddRange (hostEvidence);
if (null != assemblyEvidence)
- assemblyEvidenceList.AddRange
(assemblyEvidence);
+ AssemblyEvidenceList.AddRange
(assemblyEvidence);
}
//
@@ -81,7 +79,12 @@
public int Count {
get {
- return (hostEvidenceList.Count +
assemblyEvidenceList.Count);
+ int count = 0;
+ if (hostEvidenceList != null)
+ count += hostEvidenceList.Count;
+ if (assemblyEvidenceList!= null)
+ count += assemblyEvidenceList.Count;
+ return count;
}
}
@@ -100,8 +103,8 @@
public bool Locked {
get { return _locked; }
+ [SecurityPermission (SecurityAction.Demand,
ControlEvidence = true)]
set {
- new SecurityPermission
(SecurityPermissionFlag.ControlEvidence).Demand ();
_locked = value;
}
}
@@ -110,22 +113,38 @@
get { return this; }
}
+ internal ArrayList HostEvidenceList {
+ get {
+ if (hostEvidenceList == null)
+ hostEvidenceList =
ArrayList.Synchronized (new ArrayList ());
+ return hostEvidenceList;
+ }
+ }
+
+ internal ArrayList AssemblyEvidenceList {
+ get {
+ if (assemblyEvidenceList == null)
+ assemblyEvidenceList =
ArrayList.Synchronized (new ArrayList ());
+ return assemblyEvidenceList;
+ }
+ }
+
//
// Public Methods
//
public void AddAssembly (object id)
{
- assemblyEvidenceList.Add (id);
+ AssemblyEvidenceList.Add (id);
_hashCode = 0;
}
public void AddHost (object id)
{
- if (_locked) {
+ if (_locked && SecurityManager.SecurityEnabled) {
new SecurityPermission
(SecurityPermissionFlag.ControlEvidence).Demand ();
}
- hostEvidenceList.Add (id);
+ HostEvidenceList.Add (id);
_hashCode = 0;
}
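Review bot: The new lazy getters `HostEvidenceList` and `AssemblyEvidenceList` test the field for null and assign it without any synchronization, so two threads adding evidence at the same time can each create a list, and the entries added to the losing list are silently dropped. The lists are wrapped in `ArrayList.Synchronized`, which suggests concurrent use is expected, and before this change they were created once in the constructor. Guarding the check-and-assign with a lock on a private object (a new field, not `this`) keeps the lazy allocation without losing evidence. A comment on the getters stating whether Evidence is meant to be thread-safe would help either way.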
@@ -133,18 +152,24 @@
[ComVisible (false)]
public void Clear ()
{
- hostEvidenceList.Clear ();
- assemblyEvidenceList.Clear ();
+ if (hostEvidenceList != null)
+ hostEvidenceList.Clear ();
+ if (assemblyEvidenceList != null)
+ assemblyEvidenceList.Clear ();
_hashCode = 0;
}
#endif
public void CopyTo (Array array, int index)
{
- if (hostEvidenceList.Count > 0)
- hostEvidenceList.CopyTo (array, index);
- if (assemblyEvidenceList.Count > 0)
- assemblyEvidenceList.CopyTo (array, index +
hostEvidenceList.Count);
+ int hc = 0;
+ if (hostEvidenceList != null) {
+ hc = hostEvidenceList.Count;
+ if (hc > 0)
+ hostEvidenceList.CopyTo (array, index);
+ }
+ if ((assemblyEvidenceList != null) &&
(assemblyEvidenceList.Count > 0))
+ assemblyEvidenceList.CopyTo (array, index + hc);
}
#if NET_2_0
@@ -157,9 +182,9 @@
if (e == null)
return false;
- if (hostEvidenceList.Count != e.hostEvidenceList.Count)
+ if (HostEvidenceList.Count != e.HostEvidenceList.Count)
return false;
- if (assemblyEvidenceList.Count !=
e.assemblyEvidenceList.Count)
+ if (AssemblyEvidenceList.Count !=
e.AssemblyEvidenceList.Count)
return false;
for (int i = 0; i < hostEvidenceList.Count; i++) {
@@ -191,13 +216,18 @@
public IEnumerator GetEnumerator ()
{
- return new EvidenceEnumerator
(hostEvidenceList.GetEnumerator (),
- assemblyEvidenceList.GetEnumerator ());
+ IEnumerator he = null;
+ if (hostEvidenceList != null)
+ he = hostEvidenceList.GetEnumerator ();
+ IEnumerator ae = null;
+ if (assemblyEvidenceList != null)
+ assemblyEvidenceList.GetEnumerator ();
+ return new EvidenceEnumerator (he, ae);
}
public IEnumerator GetAssemblyEnumerator ()
{
- return assemblyEvidenceList.GetEnumerator ();
+ return AssemblyEvidenceList.GetEnumerator ();
}
#if NET_2_0
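Review bot: In `GetEnumerator` the assembly enumerator is created and then discarded: `assemblyEvidenceList.GetEnumerator ();` has no assignment, so `ae` is always null when it reaches `new EvidenceEnumerator (he, ae)`. Anything that walks an Evidence object through this enumerator will see host evidence only, which matters if policy resolution relies on that enumeration (not visible here). The line should read `ae = assemblyEvidenceList.GetEnumerator ();`.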
@@ -206,10 +236,14 @@
{
// kind of long so we cache it
if (_hashCode == 0) {
- for (int i = 0; i < hostEvidenceList.Count; i++)
- _hashCode ^= hostEvidenceList
[i].GetHashCode ();
- for (int i = 0; i < assemblyEvidenceList.Count;
i++)
- _hashCode ^= assemblyEvidenceList
[i].GetHashCode ();
+ if (hostEvidenceList != null) {
+ for (int i = 0; i <
hostEvidenceList.Count; i++)
+ _hashCode ^= hostEvidenceList
[i].GetHashCode ();
+ }
+ if (assemblyEvidenceList != null) {
+ for (int i = 0; i <
assemblyEvidenceList.Count; i++)
+ _hashCode ^=
assemblyEvidenceList [i].GetHashCode ();
+ }
}
return _hashCode;
}
@@ -217,20 +251,19 @@
public IEnumerator GetHostEnumerator ()
{
- return hostEvidenceList.GetEnumerator ();
+ return HostEvidenceList.GetEnumerator ();
}
public void Merge (Evidence evidence)
{
if ((evidence != null) && (evidence.Count > 0)) {
- IEnumerator hostenum =
evidence.GetHostEnumerator ();
- while (hostenum.MoveNext ()) {
- AddHost (hostenum.Current);
+ if (evidence.hostEvidenceList != null) {
+ foreach (object o in
evidence.hostEvidenceList)
+ AddHost (o);
}
-
- IEnumerator assemblyenum =
evidence.GetAssemblyEnumerator ();
- while (assemblyenum.MoveNext ()) {
- AddAssembly (assemblyenum.Current);
+ if (evidence.assemblyEvidenceList != null) {
+ foreach (object o in
evidence.assemblyEvidenceList)
+ AddAssembly (o);
}
_hashCode = 0;
}
@@ -325,14 +358,17 @@
{
this.hostEnum = hostenum;
this.assemblyEnum = assemblyenum;
- currentEnum = hostEnum;
+ currentEnum = hostEnum;
}
public bool MoveNext ()
{
+ if (currentEnum == null)
+ return false;
+
bool ret = currentEnum.MoveNext ();
- if ( !ret && hostEnum == currentEnum ) {
+ if (!ret && (hostEnum == currentEnum) &&
(assemblyEnum != null)) {
currentEnum = assemblyEnum;
ret = assemblyEnum.MoveNext ();
}
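Review bot: The constructor still sets `currentEnum = hostEnum`, so when the host enumerator is null and the assembly one is not, the new `if (currentEnum == null) return false;` guard in `MoveNext` ends the enumeration before any assembly evidence is returned. `Reset` in the next hunk already handles this case by falling back to `assemblyEnum`, and the constructor should do the same: `currentEnum = (hostEnum != null) ? hostEnum : assemblyEnum;`. The tail of `MoveNext` and the `Current` property are outside the hunk, so confirm they cope with `currentEnum` starting out as `assemblyEnum`.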
@@ -342,9 +378,14 @@
public void Reset ()
{
- hostEnum.Reset ();
- assemblyEnum.Reset ();
- currentEnum = hostEnum;
+ if (hostEnum != null) {
+ hostEnum.Reset ();
+ currentEnum = hostEnum;
+ } else {
+ currentEnum = assemblyEnum;
+ }
+ if (assemblyEnum != null)
+ assemblyEnum.Reset ();
}
public object Current {
Modified: trunk/mcs/class/corlib/System.Security.Policy/PolicyLevel.cs
===================================================================
--- trunk/mcs/class/corlib/System.Security.Policy/PolicyLevel.cs
2005-06-14 14:14:23 UTC (rev 45967)
+++ trunk/mcs/class/corlib/System.Security.Policy/PolicyLevel.cs
2005-06-14 14:14:36 UTC (rev 45968)
@@ -55,7 +55,6 @@
private string _location;
private PolicyLevelType _type;
private Hashtable fullNames;
- private bool loaded;
private SecurityElement xml;
internal PolicyLevel (string label, PolicyLevelType type)
@@ -69,7 +68,6 @@
internal void LoadFromFile (string filename)
{
try {
- loaded = false;
// check for policy file
if (!File.Exists (filename)) {
// if it doesn't exist use the default
configuration (like Fx 2.0)
@@ -84,11 +82,13 @@
if (File.Exists (filename)) {
using (StreamReader sr = File.OpenText
(filename)) {
xml = FromString (sr.ReadToEnd
());
- FromXml1 (xml);
+ FromXml (xml);
}
- loaded = true;
} else {
+ CreateDefaultFullTrustAssemblies ();
+ CreateDefaultNamedPermissionSets ();
CreateDefaultLevel (_type);
+ Save ();
}
}
catch {
@@ -97,30 +97,13 @@
// * can't copy default file to policy
// * can't read policy file;
// * can't decode policy file
- if (!loaded)
- CreateDefaultLevel (_type);
+ // * can't save hardcoded policy to filename
}
finally {
_location = filename;
}
}
- internal void Initialize ()
- {
- if (loaded) {
- FromXml2 (xml);
- } else {
- CreateDefaultNamedPermissionSets ();
- try {
- Save ();
- }
- catch {
- // this can fail in many ways
including...
- // * can't save hardcoded policy to
filename
- }
- }
- }
-
internal void LoadFromString (string xml)
{
FromXml (FromString (xml));
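Review bot: The `catch` in `LoadFromFile` is now empty, so a policy file that exists but cannot be read or decoded leaves the level in whatever state `FromXml` reached before throwing; the removed `if (!loaded) CreateDefaultLevel (_type);` at least guaranteed a root code group. `FromXml` (later hunk) throws `ArgumentException` for a missing root CodeGroup after it has already assigned `fullNames`, so a partially loaded level is possible. As a minimum, restore a defined fallback such as `if (root_code_group == null) CreateDefaultLevel (_type);` and record the failure, so that a corrupt or tampered policy file is noticed rather than silently ignored. How a null `root_code_group` is treated during policy resolution is not visible here, so it is unclear whether the current behaviour fails open or closed. `LoadFromFile` begins in the previous hunks.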
@@ -259,12 +242,6 @@
// if (e.Tag != "PolicyLevel")
// throw new ArgumentException (Locale.GetText
("Invalid XML"));
- FromXml1 (e);
- FromXml2 (e);
- }
-
- internal void FromXml1 (SecurityElement e)
- {
SecurityElement sc = e.SearchForChildByTag
("SecurityClasses");
if ((sc != null) && (sc.Children != null) &&
(sc.Children.Count > 0)) {
fullNames = new Hashtable (sc.Children.Count);
@@ -290,13 +267,10 @@
SecurityElement cg = e.SearchForChildByTag
("CodeGroup");
if ((cg != null) && (cg.Children != null) &&
(cg.Children.Count > 0)) {
root_code_group = CodeGroup.CreateFromXml (cg,
this);
- }
- else
+ } else {
throw new ArgumentException (Locale.GetText
("Missing Root CodeGroup"));
- }
+ }
- internal void FromXml2 (SecurityElement e)
- {
SecurityElement nps = e.SearchForChildByTag
("NamedPermissionSets");
if ((nps != null) && (nps.Children != null) &&
(nps.Children.Count > 0)) {
named_permission_sets.Clear ();
@@ -514,13 +488,40 @@
// (b) no corresponding default policy file exists
internal void CreateDefaultLevel (PolicyLevelType type)
{
- PolicyStatement psu = new PolicyStatement (new
PermissionSet (PermissionState.Unrestricted));
+ PolicyStatement psu = new PolicyStatement
(DefaultPolicies.FullTrust);
switch (type) {
case PolicyLevelType.Machine:
// by default all stuff is in the machine
policy...
- root_code_group = new UnionCodeGroup (new
ZoneMembershipCondition (SecurityZone.MyComputer), psu);
+ PolicyStatement psn = new PolicyStatement
(DefaultPolicies.Nothing);
+ root_code_group = new UnionCodeGroup (new
AllMembershipCondition (), psn);
root_code_group.Name = "All_Code";
+
+ UnionCodeGroup myComputerZone = new
UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.MyComputer), psu);
+ myComputerZone.Name = "My_Computer_Zone";
+ // TODO: strongname code group for ECMA and MS
keys
+ root_code_group.AddChild (myComputerZone);
+
+ UnionCodeGroup localIntranetZone = new
UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Intranet),
+ new PolicyStatement
(DefaultPolicies.LocalIntranet));
+ localIntranetZone.Name = "LocalIntranet_Zone";
+ // TODO: same site / same directory
+ root_code_group.AddChild (localIntranetZone);
+
+ PolicyStatement psi = new PolicyStatement
(DefaultPolicies.Internet);
+ UnionCodeGroup internetZone = new
UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Internet), psi);
+ internetZone.Name = "Internet_Zone";
+ // TODO: same site
+ root_code_group.AddChild (internetZone);
+
+ UnionCodeGroup restrictedZone = new
UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), psn);
+ restrictedZone.Name = "Restricted_Zone";
+ root_code_group.AddChild (restrictedZone);
+
+ UnionCodeGroup trustedZone = new UnionCodeGroup
(new ZoneMembershipCondition (SecurityZone.Trusted), psi);
+ trustedZone.Name = "Trusted_Zone";
+ // TODO: same site
+ root_code_group.AddChild (trustedZone);
break;
case PolicyLevelType.User:
case PolicyLevelType.Enterprise:
@@ -530,8 +531,6 @@
root_code_group.Name = "All_Code";
break;
}
-
- CreateDefaultFullTrustAssemblies ();
}
internal void CreateDefaultFullTrustAssemblies ()
@@ -542,7 +541,7 @@
full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System", DefaultPolicies.Key.Ecma));
full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System.Data", DefaultPolicies.Key.Ecma));
full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System.DirectoryServices",
DefaultPolicies.Key.MsFinal));
- full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System.Drawing",
DefaultPolicies.Key.Ecma));
+ full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System.Drawing",
DefaultPolicies.Key.MsFinal));
full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System.Messaging",
DefaultPolicies.Key.MsFinal));
full_trust_assemblies.Add
(DefaultPolicies.FullTrustMembership ("System.ServiceProcess",
DefaultPolicies.Key.MsFinal));
}
@@ -571,7 +570,7 @@
internal bool IsFullTrustAssembly (Assembly a)
{
- AssemblyName an = a.GetName ();
+ AssemblyName an = a.UnprotectedGetName ();
StrongNamePublicKeyBlob snpkb = new
StrongNamePublicKeyBlob (an.GetPublicKey ());
StrongNameMembershipCondition snMC = new
StrongNameMembershipCondition (snpkb, an.Name, an.Version);
foreach (StrongNameMembershipCondition sn in
full_trust_assemblies) {
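Review bot: `an.GetPublicKey ()` is passed straight to the `StrongNamePublicKeyBlob` constructor, and for an assembly without a strong name that value may be null or empty, which would presumably throw rather than answer "not fully trusted". An early `if (pk == null || pk.Length == 0) return false;` (with `pk` holding the result of `an.GetPublicKey ()`) would make that case explicit. Since the name is now read through `UnprotectedGetName ()` with no Demand, a comment such as `// no Demand needed: the name is only compared against full_trust_assemblies and never returned to the caller` would document why the bypass is safe. The rest of the method is outside the hunk, so confirm that claim holds before adding the comment.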