mono/metadata/security-manager.c

   1 /*
   2  * security-manager.c:  Security Manager (Unmanaged side)
   3  *
   4  * Author:
   5  *      Sebastien Pouliot  <sebastien@ximian.com>
   6  *
   7  * Copyright 2005-2009 Novell, Inc (http://www.novell.com)
   8  */
   9
  10 #include "security-manager.h"
  11
  12
  13 /* Internal stuff */
  14
  15 static MonoSecurityManager secman;
  16 static MonoBoolean mono_security_manager_activated = FALSE;
  17 static MonoBoolean mono_security_manager_enabled = TRUE;
  18 static MonoBoolean mono_security_manager_execution = TRUE;
  19 static MonoSecurityMode mono_security_mode = MONO_SECURITY_MODE_NONE;
  20
  21
  22 /* Public stuff */
  23
  24 void
  25 mono_security_set_mode (MonoSecurityMode mode)
  26 {
  27         mono_security_mode = mode;
  28 }
  29
  30 MonoSecurityMode
  31 mono_security_get_mode (void)
  32 {
  33         return mono_security_mode;
  34 }
  35
  36 MonoSecurityManager*
  37 mono_security_manager_get_methods (void)
  38 {
  39         /* Already initialized ? */
  40         if (secman.securitymanager)
  41                 return &secman;
  42
  43         /* Initialize */
  44         secman.securitymanager = mono_class_from_name (mono_defaults.corlib,
  45                 "System.Security", "SecurityManager");
  46         g_assert (secman.securitymanager);
  47         if (!secman.securitymanager->inited)
  48                 mono_class_init (secman.securitymanager);
  49
  50         secman.demand = mono_class_get_method_from_name (secman.securitymanager,
  51                 "InternalDemand", 2);
  52         g_assert (secman.demand);
  53
  54         secman.demandchoice = mono_class_get_method_from_name (secman.securitymanager,
  55                 "InternalDemandChoice", 2);
  56         g_assert (secman.demandchoice);
  57
  58         secman.demandunmanaged = mono_class_get_method_from_name (secman.securitymanager,
  59                 "DemandUnmanaged", 0);
  60         g_assert (secman.demandunmanaged);
  61
  62         secman.inheritancedemand = mono_class_get_method_from_name (secman.securitymanager,
  63                 "InheritanceDemand", 3);
  64         g_assert (secman.inheritancedemand);
  65
  66         secman.inheritsecurityexception = mono_class_get_method_from_name (secman.securitymanager,
  67                 "InheritanceDemandSecurityException", 4);
  68         g_assert (secman.inheritsecurityexception);
  69
  70         secman.linkdemand = mono_class_get_method_from_name (secman.securitymanager,
  71                 "LinkDemand", 3);
  72         g_assert (secman.linkdemand);
  73
  74         secman.linkdemandunmanaged = mono_class_get_method_from_name (secman.securitymanager,
  75                 "LinkDemandUnmanaged", 1);
  76         g_assert (secman.linkdemandunmanaged);
  77
  78         secman.linkdemandfulltrust = mono_class_get_method_from_name (secman.securitymanager,
  79                 "LinkDemandFullTrust", 1);
  80         g_assert (secman.linkdemandfulltrust);
  81
  82         secman.linkdemandsecurityexception = mono_class_get_method_from_name (secman.securitymanager,
  83                 "LinkDemandSecurityException", 2);
  84         g_assert (secman.linkdemandsecurityexception);
  85
  86         secman.allowpartiallytrustedcallers = mono_class_from_name (mono_defaults.corlib, "System.Security",
  87                 "AllowPartiallyTrustedCallersAttribute");
  88         g_assert (secman.allowpartiallytrustedcallers);
  89
  90         secman.suppressunmanagedcodesecurity = mono_class_from_name (mono_defaults.corlib, "System.Security",
  91                 "SuppressUnmanagedCodeSecurityAttribute");
  92         g_assert (secman.suppressunmanagedcodesecurity);
  93
  94         return &secman;
  95 }
  96
  97 static gboolean
  98 mono_secman_inheritance_check (MonoClass *klass, MonoDeclSecurityActions *demands)
  99 {
 100         MonoSecurityManager* secman = mono_security_manager_get_methods ();
 101         MonoDomain *domain = mono_domain_get ();
 102         MonoAssembly *assembly = mono_image_get_assembly (klass->image);
 103         MonoReflectionAssembly *refass = mono_assembly_get_object (domain, assembly);
 104         MonoObject *res;
 105         gpointer args [3];
 106
 107         args [0] = domain->domain;
 108         args [1] = refass;
 109         args [2] = demands;
 110
 111         res = mono_runtime_invoke (secman->inheritancedemand, NULL, args, NULL);
 112         return (*(MonoBoolean *) mono_object_unbox (res));
 113 }
 114
 115 void
 116 mono_secman_inheritancedemand_class (MonoClass *klass, MonoClass *parent)
 117 {
 118         MonoDeclSecurityActions demands;
 119
 120         /* don't hide previous results -and- don't calc everything for nothing */
 121         if (klass->exception_type != 0)
 122                 return;
 123
 124         /* short-circuit corlib as it is fully trusted (within itself)
 125          * and because this cause major recursion headaches */
 126         if ((klass->image == mono_defaults.corlib) && (parent->image == mono_defaults.corlib))
 127                 return;
 128
 129         /* Check if there are an InheritanceDemand on the parent class */
 130         if (mono_declsec_get_inheritdemands_class (parent, &demands)) {
 131                 /* If so check the demands on the klass (inheritor) */
 132                 if (!mono_secman_inheritance_check (klass, &demands)) {
 133                         /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
 134                         mono_class_set_failure (klass, MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND, NULL);
 135                 }
 136         }
 137 }
 138
 139 void
 140 mono_secman_inheritancedemand_method (MonoMethod *override, MonoMethod *base)
 141 {
 142         MonoDeclSecurityActions demands;
 143
 144         /* don't hide previous results -and- don't calc everything for nothing */
 145         if (override->klass->exception_type != 0)
 146                 return;
 147
 148         /* short-circuit corlib as it is fully trusted (within itself)
 149          * and because this cause major recursion headaches */
 150         if ((override->klass->image == mono_defaults.corlib) && (base->klass->image == mono_defaults.corlib))
 151                 return;
 152
 153         /* Check if there are an InheritanceDemand on the base (virtual) method */
 154         if (mono_declsec_get_inheritdemands_method (base, &demands)) {
 155                 /* If so check the demands on the overriding method */
 156                 if (!mono_secman_inheritance_check (override->klass, &demands)) {
 157                         /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
 158                         mono_class_set_failure (override->klass, MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND, base);
 159                 }
 160         }
 161 }
 162
 163
 164 /*
 165  * Note: The security manager is activate once when executing the Mono. This
 166  * is not meant to be a turn on/off runtime switch.
 167  */
 168 void
 169 mono_activate_security_manager (void)
 170 {
 171         mono_security_manager_activated = TRUE;
 172 }
 173
 174 gboolean
 175 mono_is_security_manager_active (void)
 176 {
 177         return mono_security_manager_activated;
 178 }
 179
 180 /*
 181  * @publickey   An encoded (with header) public key
 182  * @size        The length of the public key
 183  *
 184  * returns TRUE if the public key is the ECMA "key", FALSE otherwise
 185  *
 186  * ECMA key isn't a real public key - it's simply an empty (but valid) header
 187  * so it's length (16) and value (00000000000000000400000000000000) are
 188  * constants.
 189  */
 190 gboolean
 191 mono_is_ecma_key (const char *publickey, int size)
 192 {
 193         int i;
 194         if ((publickey == NULL) || (size != MONO_ECMA_KEY_LENGTH) || (publickey [8] != 0x04))
 195                 return FALSE;
 196
 197         for (i=0; i < size; i++) {
 198                 if ((publickey [i] != 0x00) && (i != 8))
 199                         return FALSE;
 200         }
 201         return TRUE;
 202 }
 203
 204 /*
 205  * Context propagation is required when:
 206  * (a) the security manager is active (1.x and later)
 207  * (b) other contexts needs to be propagated (2.x and later)
 208  *
 209  * returns NULL if no context propagation is required, else the returns the
 210  * MonoMethod to call to Capture the ExecutionContext.
 211  */
 212 MonoMethod*
 213 mono_get_context_capture_method (void)
 214 {
 215         static MonoMethod *method = NULL;
 216
 217         if (!mono_security_manager_activated) {
 218                 if (mono_image_get_assembly (mono_defaults.corlib)->aname.major < 2)
 219                         return NULL;
 220         }
 221
 222         /* older corlib revisions won't have the class (nor the method) */
 223         if (mono_defaults.executioncontext_class && !method) {
 224                 mono_class_init (mono_defaults.executioncontext_class);
 225                 method = mono_class_get_method_from_name (mono_defaults.executioncontext_class, "Capture", 0);
 226         }
 227
 228         return method;
 229 }
 230
 231
 232 /* System.Security icalls */
 233
 234 MonoBoolean
 235 ves_icall_System_Security_SecurityManager_get_SecurityEnabled (void)
 236 {
 237         if (!mono_security_manager_activated) {
 238                 /* SecurityManager is internal for Moonlight and SecurityEnabled is used to know if CoreCLR is active
 239                  * (e.g. plugin executing in the browser) or not (e.g. smcs compiling source code with corlib 2.1)
 240                  */
 241                 return (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR);
 242         }
 243         return mono_security_manager_enabled;
 244 }
 245
 246 void
 247 ves_icall_System_Security_SecurityManager_set_SecurityEnabled (MonoBoolean value)
 248 {
 249         /* value can be changed only if the security manager is activated */
 250         if (mono_security_manager_activated) {
 251                 mono_security_manager_enabled = value;
 252         }
 253 }
 254
 255 MonoBoolean
 256 ves_icall_System_Security_SecurityManager_get_CheckExecutionRights (void)
 257 {
 258         if (!mono_security_manager_activated)
 259                 return FALSE;
 260         return mono_security_manager_execution;
 261 }
 262
 263 void
 264 ves_icall_System_Security_SecurityManager_set_CheckExecutionRights (MonoBoolean value)
 265 {
 266         /* value can be changed only id the security manager is activated */
 267         if (mono_security_manager_activated) {
 268                 mono_security_manager_execution = value;
 269         }
 270 }
 271
 272 MonoBoolean
 273 ves_icall_System_Security_SecurityManager_GetLinkDemandSecurity (MonoReflectionMethod *m, MonoDeclSecurityActions *kactions, MonoDeclSecurityActions *mactions)
 274 {
 275         MonoMethod *method = m->method;
 276         /* we want the original as the wrapper is "free" of the security informations */
 277         if (method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE || method->wrapper_type == MONO_WRAPPER_MANAGED_TO_MANAGED) {
 278                 method = mono_marshal_method_from_wrapper (method);
 279         }
 280
 281         mono_class_init (method->klass);
 282
 283         /* if either the method or it's class has security (any type) */
 284         if ((method->flags & METHOD_ATTRIBUTE_HAS_SECURITY) || (method->klass->flags & TYPE_ATTRIBUTE_HAS_SECURITY)) {
 285                 memset (kactions, 0, sizeof (MonoDeclSecurityActions));
 286                 memset (mactions, 0, sizeof (MonoDeclSecurityActions));
 287
 288                 /* get any linkdemand (either on the method or it's class) */
 289                 return mono_declsec_get_linkdemands (method, kactions, mactions);
 290         }
 291         return FALSE;
 292 }