1 //------------------------------------------------------------ 2 // Copyright (c) Microsoft Corporation. All rights reserved. 3 //------------------------------------------------------------ 4 5 namespace System.Runtime 6 { 7 using System.Security; 8 using System.Security.Permissions; 9 using System.Runtime.CompilerServices; 10 using System.Reflection; 11 12 static class PartialTrustHelpers 13 { 14 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 15 [SecurityCritical] 16 static Type aptca; 17 18 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 19 [SecurityCritical] 20 static volatile bool checkedForFullTrust; 21 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 22 [SecurityCritical] 23 static bool inFullTrust; 24 25 internal static bool ShouldFlowSecurityContext 26 { 27 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 28 [SecurityCritical] 29 get 30 { 31 return SecurityManager.CurrentThreadRequiresSecurityContextCapture(); 32 } 33 } 34 35 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 36 [SecurityCritical] IsInFullTrust()37 internal static bool IsInFullTrust() 38 { 39 #if MONO_FEATURE_CAS 40 if (!SecurityManager.CurrentThreadRequiresSecurityContextCapture()) 41 { 42 return true; 43 } 44 45 try 46 { 47 DemandForFullTrust(); 48 return true; 49 } 50 catch (SecurityException) 51 { 52 return false; 53 } 54 #else 55 return true; 56 #endif 57 } 58 #if FEATURE_COMPRESSEDSTACK 59 [Fx.Tag.SecurityNote(Critical = "Captures security context with identity flow suppressed, " + 60 "this requires satisfying a LinkDemand for infrastructure.")] 61 [SecurityCritical] CaptureSecurityContextNoIdentityFlow()62 internal static SecurityContext CaptureSecurityContextNoIdentityFlow() 63 { 64 // capture the security context but never flow windows identity 65 if (SecurityContext.IsWindowsIdentityFlowSuppressed()) 66 { 67 return SecurityContext.Capture(); 68 } 69 else 70 { 71 using (SecurityContext.SuppressFlowWindowsIdentity()) 72 { 73 return SecurityContext.Capture(); 74 } 75 } 76 } 77 #endif 78 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 79 [SecurityCritical] IsTypeAptca(Type type)80 internal static bool IsTypeAptca(Type type) 81 { 82 Assembly assembly = type.Assembly; 83 return IsAssemblyAptca(assembly) || !IsAssemblySigned(assembly); 84 } 85 86 [SecuritySafeCritical] 87 [PermissionSet(SecurityAction.Demand, Unrestricted = true)] 88 [MethodImpl(MethodImplOptions.NoInlining)] DemandForFullTrust()89 internal static void DemandForFullTrust() 90 { 91 } 92 93 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 94 [SecurityCritical] IsAssemblyAptca(Assembly assembly)95 static bool IsAssemblyAptca(Assembly assembly) 96 { 97 if (aptca == null) 98 { 99 aptca = typeof(AllowPartiallyTrustedCallersAttribute); 100 } 101 return assembly.GetCustomAttributes(aptca, false).Length > 0; 102 } 103 104 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 105 [SecurityCritical] 106 [FileIOPermission(SecurityAction.Assert, Unrestricted = true)] IsAssemblySigned(Assembly assembly)107 static bool IsAssemblySigned(Assembly assembly) 108 { 109 byte[] publicKeyToken = assembly.GetName().GetPublicKeyToken(); 110 return publicKeyToken != null & publicKeyToken.Length > 0; 111 } 112 113 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 114 [SecurityCritical] CheckAppDomainPermissions(PermissionSet permissions)115 internal static bool CheckAppDomainPermissions(PermissionSet permissions) 116 { 117 #if MONO_FEATURE_CAS 118 return AppDomain.CurrentDomain.IsHomogenous && 119 permissions.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet); 120 #else 121 return true; 122 #endif 123 } 124 125 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")] 126 [SecurityCritical] HasEtwPermissions()127 internal static bool HasEtwPermissions() 128 { 129 #if MONO_FEATURE_CAS 130 //Currently unrestricted permissions are required to create Etw provider. 131 PermissionSet permissions = new PermissionSet(PermissionState.Unrestricted); 132 return CheckAppDomainPermissions(permissions); 133 #else 134 return true; 135 #endif 136 } 137 138 internal static bool AppDomainFullyTrusted 139 { 140 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision", 141 Safe = "Does not leak critical resources")] 142 [SecuritySafeCritical] 143 get 144 { 145 #if MONO_FEATURE_CAS 146 if (!checkedForFullTrust) 147 { 148 inFullTrust = AppDomain.CurrentDomain.IsFullyTrusted; 149 checkedForFullTrust = true; 150 } 151 152 return inFullTrust; 153 #else 154 return true; 155 #endif 156 } 157 } 158 } 159 } 160