1 // ==++== 2 // 3 // Copyright (c) Microsoft Corporation. All rights reserved. 4 // 5 // ==--== 6 // <OWNER>Microsoft</OWNER> 7 using System.Runtime.InteropServices; 8 9 namespace System.Security 10 { 11 // DynamicSecurityMethodAttribute: 12 // Indicates that calling the target method requires space for a security 13 // object to be allocated on the callers stack. This attribute is only ever 14 // set on certain security methods defined within mscorlib. 15 [AttributeUsage(AttributeTargets.Method, AllowMultiple = true, Inherited = false )] 16 sealed internal class DynamicSecurityMethodAttribute : System.Attribute 17 { 18 } 19 20 // SuppressUnmanagedCodeSecurityAttribute: 21 // Indicates that the target P/Invoke method(s) should skip the per-call 22 // security checked for unmanaged code permission. 23 [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false )] 24 [System.Runtime.InteropServices.ComVisible(true)] 25 sealed public class SuppressUnmanagedCodeSecurityAttribute : System.Attribute 26 { 27 } 28 29 // UnverifiableCodeAttribute: 30 // Indicates that the target module contains unverifiable code. 31 [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false )] 32 [System.Runtime.InteropServices.ComVisible(true)] 33 sealed public class UnverifiableCodeAttribute : System.Attribute 34 { 35 } 36 37 // AllowPartiallyTrustedCallersAttribute: 38 // Indicates that the Assembly is secure and can be used by untrusted 39 // and semitrusted clients 40 // For v.1, this is valid only on Assemblies, but could be expanded to 41 // include Module, Method, class 42 [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false )] 43 [System.Runtime.InteropServices.ComVisible(true)] 44 sealed public class AllowPartiallyTrustedCallersAttribute : System.Attribute 45 { 46 private PartialTrustVisibilityLevel _visibilityLevel; AllowPartiallyTrustedCallersAttribute()47 public AllowPartiallyTrustedCallersAttribute () { } 48 49 public PartialTrustVisibilityLevel PartialTrustVisibilityLevel 50 { 51 get { return _visibilityLevel; } 52 set { _visibilityLevel = value; } 53 } 54 } 55 56 public enum PartialTrustVisibilityLevel 57 { 58 VisibleToAllHosts = 0, 59 NotVisibleByDefault = 1 60 } 61 62 #if !FEATURE_CORECLR 63 [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] 64 public enum SecurityCriticalScope 65 { 66 Explicit = 0, 67 Everything = 0x1 68 } 69 #endif // FEATURE_CORECLR 70 71 // SecurityCriticalAttribute 72 // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.) 73 // The attribute can be placed on most targets, except on arguments/return values. 74 [AttributeUsage(AttributeTargets.Assembly | 75 AttributeTargets.Class | 76 AttributeTargets.Struct | 77 AttributeTargets.Enum | 78 AttributeTargets.Constructor | 79 AttributeTargets.Method | 80 AttributeTargets.Field | 81 AttributeTargets.Interface | 82 AttributeTargets.Delegate, 83 AllowMultiple = false, 84 Inherited = false )] 85 sealed public class SecurityCriticalAttribute : System.Attribute 86 { 87 #pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat 88 89 #if !FEATURE_CORECLR 90 private SecurityCriticalScope _val; 91 #endif // FEATURE_CORECLR SecurityCriticalAttribute()92 public SecurityCriticalAttribute () {} 93 94 #if !FEATURE_CORECLR SecurityCriticalAttribute(SecurityCriticalScope scope)95 public SecurityCriticalAttribute(SecurityCriticalScope scope) 96 { 97 _val = scope; 98 } 99 100 [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] 101 public SecurityCriticalScope Scope { 102 get { 103 return _val; 104 } 105 } 106 #endif // FEATURE_CORECLR 107 108 #pragma warning restore 618 109 } 110 111 // SecurityTreatAsSafeAttribute: 112 // Indicates that the code may contain violations to the security critical rules (e.g. transitions from 113 // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for 114 // security concerns and is considered security clean. 115 // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. 116 // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. 117 // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. 118 119 [AttributeUsage(AttributeTargets.Assembly | 120 AttributeTargets.Class | 121 AttributeTargets.Struct | 122 AttributeTargets.Enum | 123 AttributeTargets.Constructor | 124 AttributeTargets.Method | 125 AttributeTargets.Field | 126 AttributeTargets.Interface | 127 AttributeTargets.Delegate, 128 AllowMultiple = false, 129 Inherited = false )] 130 [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")] 131 sealed public class SecurityTreatAsSafeAttribute : System.Attribute 132 { SecurityTreatAsSafeAttribute()133 public SecurityTreatAsSafeAttribute () { } 134 } 135 136 // SecuritySafeCriticalAttribute: 137 // Indicates that the code may contain violations to the security critical rules (e.g. transitions from 138 // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for 139 // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical. 140 // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe]. 141 // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. 142 // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. 143 // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. 144 145 [AttributeUsage(AttributeTargets.Class | 146 AttributeTargets.Struct | 147 AttributeTargets.Enum | 148 AttributeTargets.Constructor | 149 AttributeTargets.Method | 150 AttributeTargets.Field | 151 AttributeTargets.Interface | 152 AttributeTargets.Delegate, 153 AllowMultiple = false, 154 Inherited = false )] 155 sealed public class SecuritySafeCriticalAttribute : System.Attribute 156 { SecuritySafeCriticalAttribute()157 public SecuritySafeCriticalAttribute () { } 158 } 159 160 // SecurityTransparentAttribute: 161 // Indicates the assembly contains only transparent code. 162 // Security critical actions will be restricted or converted into less critical actions. For example, 163 // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted 164 // into Full-Demands. 165 166 [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false )] 167 sealed public class SecurityTransparentAttribute : System.Attribute 168 { SecurityTransparentAttribute()169 public SecurityTransparentAttribute () {} 170 } 171 172 #if !FEATURE_CORECLR 173 public enum SecurityRuleSet : byte 174 { 175 None = 0, 176 Level1 = 1, // v2.0 transparency model 177 Level2 = 2, // v4.0 transparency model 178 } 179 180 // SecurityRulesAttribute 181 // 182 // Indicates which set of security rules an assembly was authored against, and therefore which set of 183 // rules the runtime should enforce on the assembly. For instance, an assembly marked with 184 // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code 185 // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly 186 // treat as safe, and the remainder of the v2.0 rules apply. 187 [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)] 188 public sealed class SecurityRulesAttribute : Attribute 189 { 190 private SecurityRuleSet m_ruleSet; 191 private bool m_skipVerificationInFullTrust = false; 192 SecurityRulesAttribute(SecurityRuleSet ruleSet)193 public SecurityRulesAttribute(SecurityRuleSet ruleSet) 194 { 195 m_ruleSet = ruleSet; 196 } 197 198 // Should fully trusted transparent code skip IL verification 199 public bool SkipVerificationInFullTrust 200 { 201 get { return m_skipVerificationInFullTrust; } 202 set { m_skipVerificationInFullTrust = value; } 203 } 204 205 public SecurityRuleSet RuleSet 206 { 207 get { return m_ruleSet; } 208 } 209 } 210 #endif // !FEATURE_CORECLR 211 } 212