2 * security-manager.c: Security Manager (Unmanaged side)
5 * Sebastien Pouliot <sebastien@ximian.com>
7 * Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
10 #include "security-manager.h"
15 static MonoSecurityManager secman
;
16 static MonoBoolean mono_security_manager_activated
= FALSE
;
17 static MonoBoolean mono_security_manager_enabled
= TRUE
;
18 static MonoBoolean mono_security_manager_execution
= TRUE
;
24 mono_security_manager_get_methods (void)
26 /* Already initialized ? */
27 if (secman
.securitymanager
)
31 secman
.securitymanager
= mono_class_from_name (mono_defaults
.corlib
,
32 "System.Security", "SecurityManager");
33 g_assert (secman
.securitymanager
);
34 if (!secman
.securitymanager
->inited
)
35 mono_class_init (secman
.securitymanager
);
37 secman
.demand
= mono_class_get_method_from_name (secman
.securitymanager
,
39 g_assert (secman
.demand
);
41 secman
.demandchoice
= mono_class_get_method_from_name (secman
.securitymanager
,
42 "InternalDemandChoice", 2);
43 g_assert (secman
.demandchoice
);
45 secman
.demandunmanaged
= mono_class_get_method_from_name (secman
.securitymanager
,
46 "DemandUnmanaged", 0);
47 g_assert (secman
.demandunmanaged
);
49 secman
.inheritancedemand
= mono_class_get_method_from_name (secman
.securitymanager
,
50 "InheritanceDemand", 3);
51 g_assert (secman
.inheritancedemand
);
53 secman
.inheritsecurityexception
= mono_class_get_method_from_name (secman
.securitymanager
,
54 "InheritanceDemandSecurityException", 4);
55 g_assert (secman
.inheritsecurityexception
);
57 secman
.linkdemand
= mono_class_get_method_from_name (secman
.securitymanager
,
59 g_assert (secman
.linkdemand
);
61 secman
.linkdemandunmanaged
= mono_class_get_method_from_name (secman
.securitymanager
,
62 "LinkDemandUnmanaged", 1);
63 g_assert (secman
.linkdemandunmanaged
);
65 secman
.linkdemandfulltrust
= mono_class_get_method_from_name (secman
.securitymanager
,
66 "LinkDemandFullTrust", 1);
67 g_assert (secman
.linkdemandfulltrust
);
69 secman
.linkdemandsecurityexception
= mono_class_get_method_from_name (secman
.securitymanager
,
70 "LinkDemandSecurityException", 3);
71 g_assert (secman
.linkdemandsecurityexception
);
73 secman
.allowpartiallytrustedcallers
= mono_class_from_name (mono_defaults
.corlib
, "System.Security",
74 "AllowPartiallyTrustedCallersAttribute");
75 g_assert (secman
.allowpartiallytrustedcallers
);
77 secman
.suppressunmanagedcodesecurity
= mono_class_from_name (mono_defaults
.corlib
, "System.Security",
78 "SuppressUnmanagedCodeSecurityAttribute");
79 g_assert (secman
.suppressunmanagedcodesecurity
);
85 mono_secman_inheritance_check (MonoClass
*klass
, MonoDeclSecurityActions
*demands
)
87 MonoSecurityManager
* secman
= mono_security_manager_get_methods ();
88 MonoDomain
*domain
= mono_domain_get ();
89 MonoAssembly
*assembly
= mono_image_get_assembly (klass
->image
);
90 MonoReflectionAssembly
*refass
= mono_assembly_get_object (domain
, assembly
);
94 args
[0] = domain
->domain
;
98 res
= mono_runtime_invoke (secman
->inheritancedemand
, NULL
, args
, NULL
);
99 return (*(MonoBoolean
*) mono_object_unbox (res
));
103 mono_secman_inheritancedemand_class (MonoClass
*klass
, MonoClass
*parent
)
105 MonoDeclSecurityActions demands
;
107 /* don't hide previous results -and- don't calc everything for nothing */
108 if (klass
->exception_type
!= 0)
111 /* short-circuit corlib as it is fully trusted (within itself)
112 * and because this cause major recursion headaches */
113 if ((klass
->image
== mono_defaults
.corlib
) && (parent
->image
== mono_defaults
.corlib
))
116 /* Check if there are an InheritanceDemand on the parent class */
117 if (mono_declsec_get_inheritdemands_class (parent
, &demands
)) {
118 /* If so check the demands on the klass (inheritor) */
119 if (!mono_secman_inheritance_check (klass
, &demands
)) {
120 /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
121 klass
->exception_type
= MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND
;
122 klass
->exception_data
= NULL
;
128 mono_secman_inheritancedemand_method (MonoMethod
*override
, MonoMethod
*base
)
130 MonoDeclSecurityActions demands
;
132 /* don't hide previous results -and- don't calc everything for nothing */
133 if (override
->klass
->exception_type
!= 0)
136 /* short-circuit corlib as it is fully trusted (within itself)
137 * and because this cause major recursion headaches */
138 if ((override
->klass
->image
== mono_defaults
.corlib
) && (base
->klass
->image
== mono_defaults
.corlib
))
141 /* Check if there are an InheritanceDemand on the base (virtual) method */
142 if (mono_declsec_get_inheritdemands_method (base
, &demands
)) {
143 /* If so check the demands on the overriding method */
144 if (!mono_secman_inheritance_check (override
->klass
, &demands
)) {
145 /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
146 override
->klass
->exception_type
= MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND
;
147 override
->klass
->exception_data
= base
;
154 * Note: The security manager is activate once when executing the Mono. This
155 * is not meant to be a turn on/off runtime switch.
158 mono_activate_security_manager (void)
160 mono_security_manager_activated
= TRUE
;
164 mono_is_security_manager_active (void)
166 return mono_security_manager_activated
;
170 * @publickey An encoded (with header) public key
171 * @size The length of the public key
173 * returns TRUE if the public key is the ECMA "key", FALSE otherwise
175 * ECMA key isn't a real public key - it's simply an empty (but valid) header
176 * so it's length (16) and value (00000000000000000400000000000000) are
180 mono_is_ecma_key (const char *publickey
, int size
)
183 if ((publickey
== NULL
) || (size
!= MONO_ECMA_KEY_LENGTH
) || (publickey
[8] != 0x04))
186 for (i
=0; i
< size
; i
++) {
187 if ((publickey
[i
] != 0x00) && (i
!= 8))
194 * Context propagation is required when:
195 * (a) the security manager is active (1.x and later)
196 * (b) other contexts needs to be propagated (2.x and later)
198 * returns NULL if no context propagation is required, else the returns the
199 * MonoMethod to call to Capture the ExecutionContext.
202 mono_get_context_capture_method (void)
204 static MonoMethod
*method
= NULL
;
206 if (!mono_security_manager_activated
) {
207 if (mono_image_get_assembly (mono_defaults
.corlib
)->aname
.major
< 2)
211 /* older corlib revisions won't have the class (nor the method) */
212 if (mono_defaults
.executioncontext_class
&& !method
) {
213 mono_class_init (mono_defaults
.executioncontext_class
);
214 method
= mono_class_get_method_from_name (mono_defaults
.executioncontext_class
, "Capture", 0);
221 /* System.Security icalls */
224 ves_icall_System_Security_SecurityManager_get_SecurityEnabled (void)
226 if (!mono_security_manager_activated
)
228 return mono_security_manager_enabled
;
232 ves_icall_System_Security_SecurityManager_set_SecurityEnabled (MonoBoolean value
)
234 /* value can be changed only if the security manager is activated */
235 if (mono_security_manager_activated
) {
236 mono_security_manager_enabled
= value
;
241 ves_icall_System_Security_SecurityManager_get_CheckExecutionRights (void)
243 if (!mono_security_manager_activated
)
245 return mono_security_manager_execution
;
249 ves_icall_System_Security_SecurityManager_set_CheckExecutionRights (MonoBoolean value
)
251 /* value can be changed only id the security manager is activated */
252 if (mono_security_manager_activated
) {
253 mono_security_manager_execution
= value
;
258 ves_icall_System_Security_SecurityManager_GetLinkDemandSecurity (MonoReflectionMethod
*m
, MonoDeclSecurityActions
*kactions
, MonoDeclSecurityActions
*mactions
)
260 MonoMethod
*method
= m
->method
;
261 /* we want the original as the wrapper is "free" of the security informations */
262 if (method
->wrapper_type
== MONO_WRAPPER_MANAGED_TO_NATIVE
|| method
->wrapper_type
== MONO_WRAPPER_MANAGED_TO_MANAGED
) {
263 method
= mono_marshal_method_from_wrapper (method
);
266 mono_class_init (method
->klass
);
268 /* if either the method or it's class has security (any type) */
269 if ((method
->flags
& METHOD_ATTRIBUTE_HAS_SECURITY
) || (method
->klass
->flags
& TYPE_ATTRIBUTE_HAS_SECURITY
)) {
270 memset (kactions
, 0, sizeof (MonoDeclSecurityActions
));
271 memset (mactions
, 0, sizeof (MonoDeclSecurityActions
));
273 /* get any linkdemand (either on the method or it's class) */
274 return mono_declsec_get_linkdemands (method
, kactions
, mactions
);