From 463f42eeed876a3f73aa5111ec52855fb118d987 Mon Sep 17 00:00:00 2001
From: Sebastien Pouliot <sebastien@ximian.com>
Date: Tue, 17 Mar 2009 14:39:37 +0000
Subject: [PATCH] 2009-03-17  Sebastien Pouliot  <sebastien@ximian.com>

	* verify.c (mono_verifier_is_class_full_trust): Add support for
	CoreCLR security mode where trusted assemblies are defined as
	"platform code".


svn path=/trunk/mono/; revision=129588
---
 mono/metadata/ChangeLog |  6 ++++++
 mono/metadata/verify.c  | 13 ++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/mono/metadata/ChangeLog b/mono/metadata/ChangeLog
index 8ab2dbb0b60..6fd3436bda6 100644
--- a/mono/metadata/ChangeLog
+++ b/mono/metadata/ChangeLog
@@ -1,3 +1,9 @@
+2009-03-17  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* verify.c (mono_verifier_is_class_full_trust): Add support for
+	CoreCLR security mode where trusted assemblies are defined as
+	"platform code".
+
 2009-03-16 Rodrigo Kumpera  <rkumpera@novell.com>
 
 	* metadata-verify.c: Add minimal PECOFF resource verification.
diff --git a/mono/metadata/verify.c b/mono/metadata/verify.c
index 9e5770dba38..6f256c8e3f4 100644
--- a/mono/metadata/verify.c
+++ b/mono/metadata/verify.c
@@ -19,6 +19,8 @@
 #include <mono/metadata/metadata.h>
 #include <mono/metadata/metadata-internals.h>
 #include <mono/metadata/class-internals.h>
+#include <mono/metadata/security-manager.h>
+#include <mono/metadata/security-core-clr.h>
 #include <mono/metadata/tokentype.h>
 #include <string.h>
 #include <signal.h>
@@ -5840,18 +5842,19 @@ mono_verifier_is_method_full_trust (MonoMethod *method)
  * 
  * TODO This code doesn't take CAS into account.
  * 
- * This value is only pertinent to assembly verification and has
- * nothing to do with CoreClr security. 
- * 
  * Under verify_all all user code must be verifiable if no security option was set 
  * 
  */
 gboolean
 mono_verifier_is_class_full_trust (MonoClass *klass)
 {
+	/* under CoreCLR code is trusted if it is part of the "platform" otherwise all code inside the GAC is trusted */
+	gboolean trusted_location = (mono_security_get_mode () != MONO_SECURITY_MODE_CORE_CLR) ? 
+		klass->image->assembly->in_gac : mono_security_core_clr_is_platform_image (klass->image);
+
 	if (verify_all && verifier_mode == MONO_VERIFIER_MODE_OFF)
-		return klass->image->assembly->in_gac || klass->image == mono_defaults.corlib;
-	return verifier_mode < MONO_VERIFIER_MODE_VERIFIABLE || klass->image->assembly->in_gac || klass->image == mono_defaults.corlib;
+		return trusted_location || klass->image == mono_defaults.corlib;
+	return verifier_mode < MONO_VERIFIER_MODE_VERIFIABLE || trusted_location || klass->image == mono_defaults.corlib;
 }
 
 GSList*
-- 
2.11.4.GIT